Entry-Level Information Security Positions

By Peter H. Gregory

When it comes to information security jobs, most companies don’t hire people without experience. However, with the shortage of security talent, organizations are becoming creative: If they can’t find a security professional to fill an open role, they’ll train a person for the position.

An organization hiring one or more entry-level security people will, or should, have security professionals with industry experience already on staff, so you’d be a part of a team that includes people with more experience.

Organizations offer several types of entry-level positions. Although they probably don’t add “junior” to the job title, it’s included here so you can better understand the role.

Junior security analyst

A junior security analyst is an assistant to a senior-level security analyst, engineer, administrator, or manager. In a general sense, a junior security analyst is responsible for completing tasks that involve the creation or analysis of security-related information, such as the following:

  • SOC operations: Many larger organizations have a security operations center, or SOC, to monitor and manage security-related tools and systems for detecting security incidents, which are relayed to the appropriate personnel. A junior security analyst may be given a variety of chores related to operations in the SOC.

  • IT audits: An IT auditor often needs an assistant to help with a variety of tasks, such as collecting and managing audit evidence as well as creating audit reports.

  • Policy management: A junior security analyst might monitor the compliance of security policies. For instance, a junior analyst may conduct clean desk reviews, observe users’ security-related behavior, or conduct in-person surveys and interviews.

  • Risk management: A junior security analyst might manage the contents of the organization’s risk register and carry out tasks regarding risk treatment, such as documenting risk mitigation or risk acceptance artifacts.

  • Security reporting: The tools and systems that protect an organization contain a lot of security-related information. A junior security analyst might create security metrics and reports that management uses to understand the effectiveness of their security systems.

Junior security administrator

A junior security administrator is a helper on a team of security administrators. Some of the roles that this entry-level security administrator might perform include the following:

  • User account administration: In this role, you create user accounts, make access permission changes to existing accounts, and lock or remove a user account when someone leaves the organization. You might also create or manage roles, which are used to control access to data and application functions.

  • Firewall administration: Administering firewalls involves the regular upkeep of their rulesets, the data that a firewall uses to determine whether traffic should be blocked or permitted to pass. Firewalls are also configured to log certain traffic, so you might also examine logs.

  • Intrusion detection system (IDS) and intrusion prevention system (IPS) administration: An IDS and IPS are similar to a firewall, in that they contain rules to manage and logs to examine.

  • Data loss prevention (DLP) administration: A DLP system is used to detect (and, possibly, block) sensitive data being transmitted out of an organization’s network. A DLP system requires a lot of tuning so that routine business operations are not affected. The junior security administrator makes these adjustments, as well as examines logs and takes appropriate action.

  • Antimalware administration: Organizations small and large need antimalware to keep computer viruses, Trojan horses, and worms out of the network. Larger organizations may accomplish these tasks through a centralized management console, which views and manages the health of antimalware software on workstations and servers. A lot of detail work is required, generally in coordination with senior-level security people. For example, a higher-up may determine which patches are to be applied to which assets at what time, and the junior-level person applies those patches correctly.

  • Spam administration: Practically all organizations employ spam filtering, often through a central console that manages filtering rules, exceptions, and a quarantine area for suspected spam messages. The spam-filtering system and its configuration require regular attention, to make sure that legitimate email keeps flowing uninterrupted while spam is blocked and put aside.

  • SIEM (security incident and event management) administration: A SIEM is a system that collects log data from lots of systems to correlate little events that help you understand bigger ones, such as employee abuse, system malfunction, and security breaches. A SIEM requires a lot of upkeep in two main areas: configuring alarms and alerts, and setting up feeds from new systems and devices.

  • Vulnerability management: This set of activities may involve running security scanning tools such as Nessus, Nmap, or Rapid7 to look for vulnerabilities in workstations, servers, and network devices. Or you could load the raw output from scanning tools into the vulnerability management module of a GRC platform such as RSAM, Lockpath, or Archer. Also included in vulnerability management is the management of systems to push security patches and configuration changes to servers and workstations.

In all these roles, you learn one or more aspects of security administration and security operations. As you gain experience, you can work your way up to more senior roles.